General
Target: Quotations.xlsx
Size: 1.2MB
Sample: 210816-myz8karbrx
MD5: fd084269903ab4b2354aabb96cf46764
SHA1: 4f1ebf3cf19d8eb1a53b50bd4eaafff005c628cb
SHA256: d764c472456716972abf910c9568dffe1301cee889b69f5fee31521bbc950255
SHA512: f9b0b387c7ef1d409910826d639e1cea552098ff11eaaf1c6f9485cd06a0c75b9d9247b31dbb4b44845c5077b53a089dbc5ac2a25c43fedfa91cc9ba807b1cef
Tasks
Static task: static1
Behavioral task: behavioral1 (sample: Quotations.xlsx, resource: win7v20210410)
Behavioral task: behavioral2 (sample: Quotations.xlsx, resource: win10v20210408)
Score: 10/10
Detected family: ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
Signatures
- Modifies system executable filetype association
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Adds Run key to start application